Posted
by
Unknown Lamer
on Wednesday May 14, 2014 @09:25AM
from the don't-be-so-nosy dept.

An anonymous reader writes with news that the IETF has adopted a policy of designing new protocols taking into account the need to mitigate pervasive monitoring of all traffic. From the article: "...RFC 7258, also known as BCP 188 (where BCP stands for 'Best Common Practice'); it represents Internet Engineering Task Force consensus on the fact that many powerful well-funded entities feel it is appropriate to monitor people's use of the Net, without telling those people. The consensus is: This monitoring is an attack and designers of Internet protocols must work to mitigate it."

All RFCs are supposed to have a section covering security considerations, and there are a couple of of RFCs about that. RFC 3552 (2003), has section 3.2.1. "Confidentiality Violations", indicating that protocol authors should consider the possibility of eavesdropping. The new RFC (7258) just expands upon 3552.

It is technical rather than political in the sense that 7258 essentially says we wouldn't develop SMTP the same way again, sending everything in the clear. If we were developing a new mail protocol, we should design it to support encryption from the get-go. (Ie include RFC 3207 capabilities in the original RFC 2476). That's a technical decision, with a technical implementation.